Davide Cerri, Francesco Corcoglioniti
11th IEEE Conference on Commerce and Enterprise Computing (CEC’09), Vienna, Austria, 20-23 luglio 2009
People, companies, and public authorities can now have a strong on-line presence and a huge amount of interactions on the Internet, made possible by the impressive growth of the World Wide Web and of Web technologies. Many independent parties provide services and exchange information in a plural, dynamic, and open environment. This scenario, where interacting parties are often strangers, naturally brings to attribute-based access control solutions, as traditional identity-based systems are usually inadequate to large open environments. User attributes certified by external authorities, however, tend to be rather general-purpose and to reflect a user point of view, thus they often do not coincide with the concepts that are relevant for the service. In this paper we propose a framework to decouple the user point of view and the service point of view on user attributes: following our model, the service access control policy can focus on the concepts that are relevant for the service logic, whereas a separate attribute mapping policy establishes the bridge between the two domains.
©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.